Collaborate Disseminate
Recent news articles have started to talk about government networks deploying “Albert sensors” (e.g., this article). What is an Albert sensor? And how effective is it?
Going purely from context, it sounds like maybe an Alb… Continue reading What is an Albert sensor?
Sammy the sender is sending email to Rita the recipient. I know Sammy will apply a DKIM signature to the email and Rita is going to check the DKIM signature with a DKIM validator. I am a malicious man-in-the-middle. I want… Continue reading How to create email that will fool DKIM verifier?
Sammy the sender is sending email to Rita the recipient. I know Sammy will apply a DKIM signature to the email and Rita is going to check the DKIM signature with a DKIM validator. I am a malicious man-in-the-middle. I want… Continue reading How to create email that will fool DKIM verifier?
I’m looking at packet captures of TLS traffic, and I see TLS-encrypted connections where the SNI field contains a long hex string (a sequence of 64 hex nibbles) — not a domain name.
What might trigger this? I’m used to HTT… Continue reading Hex string in TLS SNI field
I know that criminals can readily find on the black market large dumps of password databases from hacked sites. These may contain the username, password, and email address for millions of users.
But what about IP addresses?… Continue reading IP addresses readily available on black market?
I’m trying to detect homograph attacks and other attacks where an attacker uses a spoof domain name that looks visually similar to a trusted domain name (e.g., bankofthevvest.com instead of bankofthewest.com).
Is there a dic… Continue reading List of visually similar characters, for detecting spoofing and social engineering attacks
Is there a way for a domain good.com to promise that it will sign all of its DNS records, and that any unsigned records for any host *.good.com should be rejected? In other words, is there a way for a zone to provide a signe… Continue reading Opt into strict DNSSEC checking – does DNSSEC provide a way for a zone to request strict signature validation?
Is there a way for a domain good.com to promise that it will sign all of its DNS records, and that any unsigned records for any host *.good.com should be rejected? In other words, is there a way for a zone to provide a signe… Continue reading Opt into strict DNSSEC checking – does DNSSEC provide a way for a zone to request strict signature validation?
Is there a way to identify which popular sites will host arbitrary user-generated content?
I am doing some analysis to detect phishing sites. It would be nice to use the popularity of a website as a way to weed out sites th… Continue reading Sites that allow user-generated content
Are there any existing data sets of spear phishing emails available?
I’ve found a bunch of data sets of phishing emails, but that’s not what I’m looking for. I’m not looking for mass phishing campaigns. Rather, I’m interested in spear p… Continue reading Spear phishing data set